Error: SHELLCHECK_WARNING (CWE-398): [#def1] /usr/share/buildah/test/system/add.bats:116:11: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2)) # 114| @test "add single file creates absolute path with correct permissions" { # 115| _prefetch ubuntu # 116|-> imgName=ubuntu-image # 117| createrandom ${TEST_SCRATCH_DIR}/distutils.cfg # 118| permission=$(stat -c "%a" ${TEST_SCRATCH_DIR}/distutils.cfg) Error: SHELLCHECK_WARNING (CWE-398): [#def2] /usr/share/buildah/test/system/add.bats:136:11: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2)) # 134| @test "add single file creates relative path with correct permissions" { # 135| _prefetch ubuntu # 136|-> imgName=ubuntu-image # 137| createrandom ${TEST_SCRATCH_DIR}/distutils.cfg # 138| permission=$(stat -c "%a" ${TEST_SCRATCH_DIR}/distutils.cfg) Error: SHELLCHECK_WARNING (CWE-156): [#def3] /usr/share/buildah/test/system/blobcache.bats:41:10: warning[SC2046]: Quote this to prevent word splitting. # 39| for blob in ${blobcachedir}/* ; do # 40| if cmp -s ${content} ${blob} ; then # 41|-> echo $(file ${blob}) and ${content} have the same contents, was cached # 42| match=true # 43| break Error: SHELLCHECK_WARNING (CWE-140): [#def4] /usr/share/buildah/test/system/bud.bats:242:23: warning[SC2207]: Prefer mapfile or read -a to split command output (or quote to avoid splitting). # 240| # Containerfile must contain one or more (four, as of 2022-10) lines # 241| # of the form 'ARG TARGETxxx' for each of the variables of interest. # 242|-> local -a checkvars=($(sed -ne 's/^ARG //p' <$containerfile)) # 243| assert "${checkvars[*]}" != "" \ # 244| "INTERNAL ERROR! No 'ARG xxx' lines in $containerfile!" Error: SHELLCHECK_WARNING (CWE-156): [#def5] /usr/share/buildah/test/system/bud.bats:492:29: warning[SC2046]: Quote this to prevent word splitting. # 490| run_buildah 125 build -t testbud3 $WITH_POLICY_JSON $BUDFILES/dockerignore3 # 491| expect_output --substring 'building.*"COPY test1.txt /upload/test1.txt".*no such file or directory' # 492|-> expect_output --substring $(realpath "$BUDFILES/dockerignore3/.dockerignore") # 493| } # 494| Error: SHELLCHECK_WARNING (CWE-457): [#def6] /usr/share/buildah/test/system/bud.bats:682:10: warning[SC2154]: targetArch is referenced but not assigned (did you mean 'targetarch'?). # 680| targetarch="arm64" # 681| # 682|-> if [[ "$targetArch" == "$myarch" ]]; then # 683| targetarch="amd64" # 684| fi Error: SHELLCHECK_WARNING (CWE-140): [#def7] /usr/share/buildah/test/system/bud.bats:2214:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 2212| @test "bud-from-scratch-label" { # 2213| run_buildah --version # 2214|-> local -a output_fields=($output) # 2215| buildah_version=${output_fields[2]} # 2216| want_output='map["io.buildah.version":"'$buildah_version'" "test":"label"]' Error: SHELLCHECK_WARNING (CWE-140): [#def8] /usr/share/buildah/test/system/bud.bats:2338:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 2336| # 2337| run_buildah --version # 2338|-> local -a output_fields=($output) # 2339| buildah_version=${output_fields[2]} # 2340| Error: SHELLCHECK_WARNING (CWE-563): [#def9] /usr/share/buildah/test/system/bud.bats:3017:3: warning[SC2034]: from_cid appears unused. Verify use (or export if used externally). # 3015| expect_output --substring "@unique.test.string@" # 3016| run_buildah from --quiet ${from_target} # 3017|-> from_cid=$output # 3018| run_buildah from ${target} # 3019| } Error: SHELLCHECK_WARNING (CWE-398): [#def10] /usr/share/buildah/test/system/bud.bats:3032:10: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2)) # 3030| # 3031| @test "bud with Dockerfile from valid URL" { # 3032|-> target=url-image # 3033| url=https://raw.githubusercontent.com/containers/buildah/main/tests/bud/from-scratch/Dockerfile # 3034| run_buildah build $WITH_POLICY_JSON -t ${target} ${url} Error: SHELLCHECK_WARNING (CWE-398): [#def11] /usr/share/buildah/test/system/bud.bats:3039:10: warning[SC2100]: Use $((..)) for arithmetics, e.g. i=$((i - 2)) # 3037| # 3038| @test "bud with Dockerfile from invalid URL" { # 3039|-> target=url-image # 3040| url=https://raw.githubusercontent.com/containers/buildah/main/tests/bud/from-scratch/Dockerfile.bogus # 3041| run_buildah 125 build $WITH_POLICY_JSON -t ${target} ${url} Error: SHELLCHECK_WARNING (CWE-156): [#def12] /usr/share/buildah/test/system/bud.bats:3630:8: warning[SC2046]: Quote this to prevent word splitting. # 3628| # 3629| # Check that both the version with --jobs 1 and --jobs=N have the same number of files # 3630|-> test $(find $root_single_job -type f | wc -l) = $(find $root_multi_job -type f | wc -l) # 3631| } # 3632| Error: SHELLCHECK_WARNING (CWE-156): [#def13] /usr/share/buildah/test/system/bud.bats:3630:51: warning[SC2046]: Quote this to prevent word splitting. # 3628| # 3629| # Check that both the version with --jobs 1 and --jobs=N have the same number of files # 3630|-> test $(find $root_single_job -type f | wc -l) = $(find $root_multi_job -type f | wc -l) # 3631| } # 3632| Error: SHELLCHECK_WARNING (CWE-140): [#def14] /usr/share/buildah/test/system/bud.bats:4076:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 4074| @test "bud-no-change-label" { # 4075| run_buildah --version # 4076|-> local -a output_fields=($output) # 4077| buildah_version=${output_fields[2]} # 4078| want_output='map["io.buildah.version":"'$buildah_version'" "test":"label"]' Error: SHELLCHECK_WARNING (CWE-571): [#def15] /usr/share/buildah/test/system/bud.bats:4507:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4505| mkdir -p $ocidir/blobs/sha256 # 4506| # Build an image config and image manifest in parallel # 4507|-> local configos=$(${BUILDAH_BINARY} info --format '{{.host.os}}') # 4508| local configarch=$(${BUILDAH_BINARY} info --format '{{.host.arch}}') # 4509| local configvariant=$(${BUILDAH_BINARY} info --format '{{.host.variant}}') Error: SHELLCHECK_WARNING (CWE-571): [#def16] /usr/share/buildah/test/system/bud.bats:4508:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4506| # Build an image config and image manifest in parallel # 4507| local configos=$(${BUILDAH_BINARY} info --format '{{.host.os}}') # 4508|-> local configarch=$(${BUILDAH_BINARY} info --format '{{.host.arch}}') # 4509| local configvariant=$(${BUILDAH_BINARY} info --format '{{.host.variant}}') # 4510| local configvariantkv=${configvariant:+'"variant": "'${configvariant}'", '} Error: SHELLCHECK_WARNING (CWE-571): [#def17] /usr/share/buildah/test/system/bud.bats:4509:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4507| local configos=$(${BUILDAH_BINARY} info --format '{{.host.os}}') # 4508| local configarch=$(${BUILDAH_BINARY} info --format '{{.host.arch}}') # 4509|-> local configvariant=$(${BUILDAH_BINARY} info --format '{{.host.variant}}') # 4510| local configvariantkv=${configvariant:+'"variant": "'${configvariant}'", '} # 4511| echo '{"architecture": "'"${configarch}"'", "os": "'"${configos}"'", '"${configvariantkv}"'"rootfs": {"type": "layers", "diff_ids": [' > ${TEST_SCRATCH_DIR}/config.json Error: SHELLCHECK_WARNING (CWE-571): [#def18] /usr/share/buildah/test/system/bud.bats:4520:11: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4518| tar -c -C ${TEST_SCRATCH_DIR} -f ${TEST_SCRATCH_DIR}/layer$layer.tar file$layer # 4519| # Get the layer blob's digest and size # 4520|-> local diffid=$(sha256sum ${TEST_SCRATCH_DIR}/layer$layer.tar) # 4521| local diffsize=$(wc -c ${TEST_SCRATCH_DIR}/layer$layer.tar) # 4522| # Link the blob into where an OCI layout would put it. Error: SHELLCHECK_WARNING (CWE-571): [#def19] /usr/share/buildah/test/system/bud.bats:4521:11: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4519| # Get the layer blob's digest and size # 4520| local diffid=$(sha256sum ${TEST_SCRATCH_DIR}/layer$layer.tar) # 4521|-> local diffsize=$(wc -c ${TEST_SCRATCH_DIR}/layer$layer.tar) # 4522| # Link the blob into where an OCI layout would put it. # 4523| ln ${TEST_SCRATCH_DIR}/layer$layer.tar $ocidir/blobs/sha256/${diffid%% *} Error: SHELLCHECK_WARNING (CWE-571): [#def20] /usr/share/buildah/test/system/bud.bats:4540:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4538| echo ']}, "config": { "Cmd": ["/bin/sh"], "Env": [ "PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin" ]}}' >> ${TEST_SCRATCH_DIR}/config.json # 4539| # Compute the config blob's digest and size, so that we can list it in the manifest. # 4540|-> local configsize=$(wc -c ${TEST_SCRATCH_DIR}/config.json) # 4541| local configdigest=$(sha256sum ${TEST_SCRATCH_DIR}/config.json) # 4542| # Finish the manifest with information about the config blob. Error: SHELLCHECK_WARNING (CWE-571): [#def21] /usr/share/buildah/test/system/bud.bats:4541:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4539| # Compute the config blob's digest and size, so that we can list it in the manifest. # 4540| local configsize=$(wc -c ${TEST_SCRATCH_DIR}/config.json) # 4541|-> local configdigest=$(sha256sum ${TEST_SCRATCH_DIR}/config.json) # 4542| # Finish the manifest with information about the config blob. # 4543| echo '], "config": { "mediaType": "application/vnd.oci.image.config.v1+json", "digest": "sha256:'${configdigest%% *}'", "size": '${configsize%% *}'}}' >> ${TEST_SCRATCH_DIR}/manifest.json Error: SHELLCHECK_WARNING (CWE-571): [#def22] /usr/share/buildah/test/system/bud.bats:4545:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4543| echo '], "config": { "mediaType": "application/vnd.oci.image.config.v1+json", "digest": "sha256:'${configdigest%% *}'", "size": '${configsize%% *}'}}' >> ${TEST_SCRATCH_DIR}/manifest.json # 4544| # Compute the manifest's digest and size, so that we can list it in the OCI layout index. # 4545|-> local manifestsize=$(wc -c ${TEST_SCRATCH_DIR}/manifest.json) # 4546| local manifestdigest=$(sha256sum ${TEST_SCRATCH_DIR}/manifest.json) # 4547| # Link the config blob and manifest into where an OCI layout would put them. Error: SHELLCHECK_WARNING (CWE-571): [#def23] /usr/share/buildah/test/system/bud.bats:4546:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4544| # Compute the manifest's digest and size, so that we can list it in the OCI layout index. # 4545| local manifestsize=$(wc -c ${TEST_SCRATCH_DIR}/manifest.json) # 4546|-> local manifestdigest=$(sha256sum ${TEST_SCRATCH_DIR}/manifest.json) # 4547| # Link the config blob and manifest into where an OCI layout would put them. # 4548| ln ${TEST_SCRATCH_DIR}/config.json $ocidir/blobs/sha256/${configdigest%% *} Error: SHELLCHECK_WARNING (CWE-670): [#def24] /usr/share/buildah/test/system/bud.bats:4562:11: warning[SC2128]: Expanding an array without an index only gives the first element. # 4560| # out of all of this. # 4561| run_buildah inspect --format '{{.History}}' fakeregistry.podman.invalid/notreal # 4562|-> assert "${lines}" == '[]' "base image generated for test had history field that was not an empty slice" # 4563| # Build images using our image-with-no-history as a base, to check that we # 4564| # don't trip over ourselves when doing so. Error: SHELLCHECK_WARNING (CWE-571): [#def25] /usr/share/buildah/test/system/bud.bats:4611:10: warning[SC2155]: Declare and assign separately to avoid masking return values. # 4609| # 4610| # Envariable from environment # 4611|-> export foo=$(random_string 20) # 4612| run_buildah build $WITH_POLICY_JSON -t ${target} --build-arg foo $BUDFILES/build-arg # 4613| assert "${lines[3]}" = "$foo" Error: SHELLCHECK_WARNING (CWE-140): [#def26] /usr/share/buildah/test/system/bud.bats:4638:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 4636| run_buildah build $WITH_POLICY_JSON -t ${target} $BUDFILES/from-scratch # 4637| run_buildah --version # 4638|-> local -a output_fields=($output) # 4639| buildah_version=${output_fields[2]} # 4640| Error: SHELLCHECK_WARNING (CWE-153): [#def27] /usr/share/buildah/test/system/bud.bats:4857:23: warning[SC2053]: Quote the right-hand side of != in [[ ]] to prevent glob matching. # 4855| # as a sanity thing. # 4856| for other in $actions; do # 4857|-> if [[ $other != $action ]]; then # 4858| assert "$(< ${TEST_SCRATCH_DIR}/${action}1)" != "$(< ${TEST_SCRATCH_DIR}/${other}1)" \ # 4859| "iidfile(${action}1) != iidfile(${other}1)" Error: SHELLCHECK_WARNING (CWE-156): [#def28] /usr/share/buildah/test/system/bud.bats:6277:17: warning[SC2046]: Quote this to prevent word splitting. # 6275| # Build and export container to tar # 6276| run_buildah build --no-cache $WITH_POLICY_JSON -t ${target} -f $BUDFILES/containerfile/Containerfile.in $BUDFILES/containerfile # 6277|-> podman export $(podman create --name ${target} --net=host ${target}) --output=$contextdir.tar # 6278| # 6279| # We are done exporting so remove images and containers which are not needed Error: SHELLCHECK_WARNING (CWE-156): [#def29] /usr/share/buildah/test/system/bud.bats:6302:17: warning[SC2046]: Quote this to prevent word splitting. # 6300| # Build and export container to tar # 6301| run_buildah build --no-cache $WITH_POLICY_JSON -t ${target} -f $BUDFILES/add-run-dir/Dockerfile # 6302|-> podman export $(podman create --name ${target} --net=host ${target}) --output=$contextdir.tar # 6303| # 6304| # We are done exporting so remove images and containers which are not needed Error: SHELLCHECK_WARNING (CWE-149): [#def30] /usr/share/buildah/test/system/bud.bats:6487:21: warning[SC2140]: Word is of the form "A"B"C" (B indicated). Did you mean "ABC" or "A\"B\"C"? # 6485| _EOF # 6486| target=env-image # 6487|-> check="FTP_PROXY="FTP" ftp_proxy=ftp http_proxy=http HTTPS_PROXY=HTTPS" # 6488| bogus="BOGUS_PROXY=BOGUS" # 6489| eval $check $bogus run_buildah build --unsetenv PATH $WITH_POLICY_JSON -t oci-${target} -f $mytmpdir/Containerfile . Error: SHELLCHECK_WARNING (CWE-457): [#def31] /usr/share/buildah/test/system/bud.bats:6751:9: warning[SC2154]: http_proxy is referenced but not assigned. # 6749| expect_rc=6 # 6750| expect_err="Could not resolve host: www.redhat.com" # 6751|-> if [[ $http_proxy != "" ]]; then # 6752| expect_rc=5 # 6753| expect_err="Could not resolve proxy:" Error: SHELLCHECK_WARNING (CWE-156): [#def32] /usr/share/buildah/test/system/bud.bats:6868:11: warning[SC2046]: Quote this to prevent word splitting. # 6866| echo FROM busybox > ${TEST_SCRATCH_DIR}/Containerfile # 6867| arch=amd64 # 6868|-> if test $(arch) = x86_64 ; then # 6869| arch=arm64 # 6870| fi Error: SHELLCHECK_WARNING: [#def33] /usr/share/buildah/test/system/cdi.bats:12:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 10| sed -e s:@@hostcdipath@@:$cdidir:g $BUDFILES/cdi/containers-cdi.yaml > $cdidir/containers-cdi.yaml # 11| chmod 644 $cdidir/containers-cdi.yaml # 12|-> echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 13| cat $cdidir/containers-cdi.yaml # 14| echo === End CDI configuration === Error: SHELLCHECK_WARNING: [#def34] /usr/share/buildah/test/system/cdi.bats:14:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 12| echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 13| cat $cdidir/containers-cdi.yaml # 14|-> echo === End CDI configuration === # 15| run_buildah build $WITH_POLICY_JSON --cdi-config-dir=$cdidir --security-opt label=disable --device=containers.github.io/sample=all --device=/dev/null:/dev/outsidenull:rwm $BUDFILES/cdi # 16| } Error: SHELLCHECK_WARNING: [#def35] /usr/share/buildah/test/system/cdi.bats:25:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 23| sed -e s:@@hostcdipath@@:$cdidir:g $BUDFILES/cdi/containers-cdi.yaml > $cdidir/containers-cdi.yaml # 24| chmod 644 $cdidir/containers-cdi.yaml # 25|-> echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 26| cat $cdidir/containers-cdi.yaml # 27| echo === End CDI configuration === Error: SHELLCHECK_WARNING: [#def36] /usr/share/buildah/test/system/cdi.bats:27:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 25| echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 26| cat $cdidir/containers-cdi.yaml # 27|-> echo === End CDI configuration === # 28| run_buildah from $WITH_POLICY_JSON --security-opt label=disable --cdi-config-dir=$cdidir --device=containers.github.io/sample=all --device=/dev/null:/dev/outsidenull:rwm busybox # 29| cid="$output" Error: SHELLCHECK_WARNING: [#def37] /usr/share/buildah/test/system/cdi.bats:40:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 38| sed -e s:@@hostcdipath@@:$cdidir:g $BUDFILES/cdi/containers-cdi.yaml > $cdidir/containers-cdi.yaml # 39| chmod 644 $cdidir/containers-cdi.yaml # 40|-> echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 41| cat $cdidir/containers-cdi.yaml # 42| echo === End CDI configuration === Error: SHELLCHECK_WARNING: [#def38] /usr/share/buildah/test/system/cdi.bats:42:3: error[SC2284]: Use [ x = y ] to compare values (or quote '==' if literal). # 40| echo === Begin CDI configuration in $cdidir/containers-cdi.yaml === # 41| cat $cdidir/containers-cdi.yaml # 42|-> echo === End CDI configuration === # 43| run_buildah from $WITH_POLICY_JSON --security-opt label=disable busybox # 44| cid="$output" Error: SHELLCHECK_WARNING (CWE-156): [#def39] /usr/share/buildah/test/system/chroot.bats:50:14: warning[SC2046]: Quote this to prevent word splitting. # 48| # looking for $storagedir, so tweak perms to let them do at least that much # 49| fixupdir=$storagedir # 50|-> while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do # 51| # walk up to root, or the first parent that we don't own # 52| if test $(stat -c %u $fixupdir) -ne $(id -u) ; then Error: SHELLCHECK_WARNING (CWE-156): [#def40] /usr/share/buildah/test/system/chroot.bats:50:44: warning[SC2046]: Quote this to prevent word splitting. # 48| # looking for $storagedir, so tweak perms to let them do at least that much # 49| fixupdir=$storagedir # 50|-> while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do # 51| # walk up to root, or the first parent that we don't own # 52| if test $(stat -c %u $fixupdir) -ne $(id -u) ; then Error: SHELLCHECK_WARNING (CWE-156): [#def41] /usr/share/buildah/test/system/chroot.bats:52:13: warning[SC2046]: Quote this to prevent word splitting. # 50| while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do # 51| # walk up to root, or the first parent that we don't own # 52|-> if test $(stat -c %u $fixupdir) -ne $(id -u) ; then # 53| break # 54| fi Error: SHELLCHECK_WARNING (CWE-156): [#def42] /usr/share/buildah/test/system/chroot.bats:52:41: warning[SC2046]: Quote this to prevent word splitting. # 50| while test $(stat -c %d:%i $fixupdir) != $(stat -c %d:%i /) ; do # 51| # walk up to root, or the first parent that we don't own # 52|-> if test $(stat -c %u $fixupdir) -ne $(id -u) ; then # 53| break # 54| fi Error: SHELLCHECK_WARNING (CWE-140): [#def43] /usr/share/buildah/test/system/commit.bats:169:33: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 167| # 168| run_buildah --version # 169|-> local -a output_fields=($output) # 170| buildah_version=${output_fields[2]} # 171| Error: SHELLCHECK_WARNING (CWE-156): [#def44] /usr/share/buildah/test/system/commit.bats:302:30: warning[SC2046]: Quote this to prevent word splitting. # 300| cid=$output # 301| run_buildah run $cid touch /testfile # 302|-> run_buildah run $cid chown $(id -u):$(id -g) /testfile # 303| run_buildah commit $cid dir:${TEST_SCRATCH_DIR}/new-image # 304| config=$(jq -r .config.digest ${TEST_SCRATCH_DIR}/new-image/manifest.json) Error: SHELLCHECK_WARNING (CWE-156): [#def45] /usr/share/buildah/test/system/commit.bats:302:39: warning[SC2046]: Quote this to prevent word splitting. # 300| cid=$output # 301| run_buildah run $cid touch /testfile # 302|-> run_buildah run $cid chown $(id -u):$(id -g) /testfile # 303| run_buildah commit $cid dir:${TEST_SCRATCH_DIR}/new-image # 304| config=$(jq -r .config.digest ${TEST_SCRATCH_DIR}/new-image/manifest.json) Error: SHELLCHECK_WARNING (CWE-156): [#def46] /usr/share/buildah/test/system/commit.bats:315:23: warning[SC2046]: Quote this to prevent word splitting. # 313| # ownership information should be forced to be in number/number format # 314| # instead of name/name because the names are gone # 315|-> assert "$output" =~ $(id -u)/$(id -g) # 316| } # 317| Error: SHELLCHECK_WARNING (CWE-156): [#def47] /usr/share/buildah/test/system/commit.bats:315:32: warning[SC2046]: Quote this to prevent word splitting. # 313| # ownership information should be forced to be in number/number format # 314| # instead of name/name because the names are gone # 315|-> assert "$output" =~ $(id -u)/$(id -g) # 316| } # 317| Error: SHELLCHECK_WARNING (CWE-563): [#def48] /usr/share/buildah/test/system/containers.bats:18:3: warning[SC2034]: cid2 appears unused. Verify use (or export if used externally). # 16| cid1=$output # 17| run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox # 18|-> cid2=$output # 19| run_buildah containers --filter name=$cid1 # 20| expect_line_count 2 Error: SHELLCHECK_WARNING (CWE-571): [#def49] /usr/share/buildah/test/system/digest.bats:12:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 10| # 11| # If image includes '_v2sN', verify that image is schema version N # 12|-> local expected_schemaversion=$(expr "$img" : '.*_v2s\([0-9]\)') # 13| if [ -n "$expected_schemaversion" ]; then # 14| actual_schemaversion=$(imgtype -expected-manifest-type '*' -show-manifest $img | jq .schemaVersion) Error: SHELLCHECK_WARNING (CWE-571): [#def50] /usr/share/buildah/test/system/digest.bats:52:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 50| # # 51| # Check that the first and second .fsLayers and .history elements are dups # 52|-> local manifest=$(imgtype -expected-manifest-type '*' -show-manifest ${IMG}) # 53| for element in fsLayers history; do # 54| local first=$(jq ".${element}[0]" <<<"$manifest") Error: SHELLCHECK_WARNING (CWE-571): [#def51] /usr/share/buildah/test/system/digest.bats:54:13: warning[SC2155]: Declare and assign separately to avoid masking return values. # 52| local manifest=$(imgtype -expected-manifest-type '*' -show-manifest ${IMG}) # 53| for element in fsLayers history; do # 54|-> local first=$(jq ".${element}[0]" <<<"$manifest") # 55| local second=$(jq ".${element}[1]" <<<"$manifest") # 56| expect_output --from="$second" "$first" "${IMG}: .${element}[1] == [0]" Error: SHELLCHECK_WARNING (CWE-571): [#def52] /usr/share/buildah/test/system/digest.bats:55:13: warning[SC2155]: Declare and assign separately to avoid masking return values. # 53| for element in fsLayers history; do # 54| local first=$(jq ".${element}[0]" <<<"$manifest") # 55|-> local second=$(jq ".${element}[1]" <<<"$manifest") # 56| expect_output --from="$second" "$first" "${IMG}: .${element}[1] == [0]" # 57| done Error: SHELLCHECK_WARNING (CWE-477): [#def53] /usr/share/buildah/test/system/digest/make-v2sN:58:17: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined. # 56| # FIXME: do we really need to know? Will it ever, in practice, be non-root? # 57| user=$(id -un) # 58|-> if [ -n "$user" -a "$user" != "root" ]; then # 59| add_to_readme "By (user)" "$user" # 60| fi Error: SHELLCHECK_WARNING (CWE-156): [#def54] /usr/share/buildah/test/system/digest/make-v2sN:62:20: warning[SC2046]: Quote this to prevent word splitting. # 60| fi # 61| # 62|-> create_script=$(cd $(dirname $0) && git ls-files --full-name $ME) # 63| if [ -z "$create_script" ]; then # 64| create_script=$0 Error: SHELLCHECK_WARNING (CWE-156): [#def55] /usr/share/buildah/test/system/digest/make-v2sN:68:16: warning[SC2046]: Quote this to prevent word splitting. # 66| add_to_readme "By (script)" "$create_script" # 67| # 68|-> git_state=$(cd $(dirname $0) && git describe --dirty) # 69| if [ -n "$git_state" ]; then # 70| add_to_readme "git state" "$git_state" Error: SHELLCHECK_WARNING (CWE-156): [#def56] /usr/share/buildah/test/system/digest/make-v2sN:88:29: warning[SC2046]: Quote this to prevent word splitting. # 86| # clean up interim layers. It's also necessary for dealing with v2s1 layers. # 87| # 88|-> TMPDIR=$(mktemp --tmpdir -d $(basename $0).XXXXXXX) # 89| push_flags= # 90| if [[ $schemaversion -eq 1 ]]; then Error: SHELLCHECK_WARNING (CWE-156): [#def57] /usr/share/buildah/test/system/digest/make-v2sN:133:26: warning[SC2046]: Quote this to prevent word splitting. # 131| # Manifest is embedded in the image but as a string, not actual JSON; # 132| # the eval-echo converts it to usable JSON # 133|-> manifest=$(eval echo $(buildah inspect ${IMGNAME} | jq .Manifest)) # 134| # 135| # Check desired schema version: Error: SHELLCHECK_WARNING (CWE-563): [#def58] /usr/share/buildah/test/system/formats.bats:16:3: warning[SC2034]: expect appears unused. Verify use (or export if used externally). # 14| imgtype_dkr="application/vnd.docker.distribution.manifest.v2+json" # 15| # 16|-> expect="" # 17| case "$2" in # 18| oci) want=$imgtype_oci; reject=$imgtype_dkr;; Error: SHELLCHECK_WARNING (CWE-156): [#def59] /usr/share/buildah/test/system/from.bats:498:60: warning[SC2046]: Quote this to prevent word splitting. # 496| run_buildah from --quiet --pull $WITH_POLICY_JSON --arch=arm64 alpine # 497| other=$output # 498|-> run_buildah from --quiet --pull $WITH_POLICY_JSON --arch=$(go env GOARCH) alpine # 499| cid=$output # 500| run_buildah copy --from $other $cid /etc/apk/arch /root/other-arch Error: SHELLCHECK_WARNING (CWE-563): [#def60] /usr/share/buildah/test/system/from.bats:541:3: warning[SC2034]: target appears unused. Verify use (or export if used externally). # 539| run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT} # 540| run_buildah push $WITH_POLICY_JSON --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth busybox docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest # 541|-> target=busybox-image # 542| run_buildah from -q $WITH_POLICY_JSON --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth docker://localhost:${REGISTRY_PORT}/buildah/busybox:latest # 543| run_buildah rm $output Error: SHELLCHECK_WARNING (CWE-138): [#def61] /usr/share/buildah/test/system/help.bats:72:64: error[SC2145]: Argument mixes string and array. Use * or separate argument. # 70| # the old command parser and cobra. # 71| assert "$count" -gt 0 \ # 72|-> "Internal error: no commands found in 'buildah help $@' list" # 73| # 74| # Sanity check: make sure the special loops above triggered at least once. Error: SHELLCHECK_WARNING (CWE-1164): [#def62] /usr/share/buildah/test/system/help.bats:79:18: warning[SC2043]: This loop will only ever run once. Bad quoting or missing glob/expansion? # 77| # This loop is copied from podman test and redundant for buildah now. # 78| # But this is kept for future extension. # 79|-> for i in subcommands; do # 80| if [[ -z ${found[$i]} ]]; then # 81| die "Internal error: '$i' subtest did not trigger" Error: SHELLCHECK_WARNING (CWE-670): [#def63] /usr/share/buildah/test/system/helpers.bash:4:40: warning[SC2128]: Expanding an array without an index only gives the first element. # 2| # 3| # Directory in which tests live # 4|-> TEST_SOURCES=${TEST_SOURCES:-$(dirname ${BASH_SOURCE})} # 5| # 6| BUILDAH_BINARY=${BUILDAH_BINARY:-$TEST_SOURCES/../bin/buildah} Error: SHELLCHECK_WARNING (CWE-670): [#def64] /usr/share/buildah/test/system/helpers.bash:11:16: warning[SC2128]: Expanding an array without an index only gives the first element. # 9| TUTORIAL_BINARY=${TUTORIAL_BINARY:-$TEST_SOURCES/../bin/tutorial} # 10| STORAGE_DRIVER=${STORAGE_DRIVER:-vfs} # 11|-> PATH=$(dirname ${BASH_SOURCE})/../bin:${PATH} # 12| OCI=${CI_DESIRED_RUNTIME:-$(${BUILDAH_BINARY} info --format '{{.host.OCIRuntime}}' || command -v runc || command -v crun)} # 13| # Default timeout for a buildah command. Error: SHELLCHECK_WARNING (CWE-156): [#def65] /usr/share/buildah/test/system/helpers.bash:25:6: warning[SC2046]: Quote this to prevent word splitting. # 23| # Prompt to display when logging buildah commands; distinguish root/rootless # 24| _LOG_PROMPT='$' # 25|-> if [ $(id -u) -eq 0 ]; then # 26| _LOG_PROMPT='#' # 27| fi Error: SHELLCHECK_WARNING (CWE-563): [#def66] /usr/share/buildah/test/system/helpers.bash:30:1: warning[SC2034]: BUDFILES appears unused. Verify use (or export if used externally). # 28| # 29| # Shortcut for directory containing Containerfiles for bud.bats # 30|-> BUDFILES=${TEST_SOURCES}/bud # 31| # 32| # Used hundreds of times throughout all the tests Error: SHELLCHECK_WARNING (CWE-563): [#def67] /usr/share/buildah/test/system/helpers.bash:33:1: warning[SC2034]: WITH_POLICY_JSON appears unused. Verify use (or export if used externally). # 31| # 32| # Used hundreds of times throughout all the tests # 33|-> WITH_POLICY_JSON="--signature-policy ${TEST_SOURCES}/policy.json" # 34| # 35| # We don't invoke gnupg directly in many places, but this avoids ENOTTY errors Error: SHELLCHECK_WARNING (CWE-252): [#def68] /usr/share/buildah/test/system/helpers.bash:45:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails. # 43| # 44| function setup_tests() { # 45|-> pushd "$(dirname "$(readlink -f "$BASH_SOURCE")")" # 46| # 47| # $TEST_SCRATCH_DIR is a custom scratch directory for each @test, Error: SHELLCHECK_WARNING (CWE-670): [#def69] /usr/share/buildah/test/system/helpers.bash:45:38: warning[SC2128]: Expanding an array without an index only gives the first element. # 43| # 44| function setup_tests() { # 45|-> pushd "$(dirname "$(readlink -f "$BASH_SOURCE")")" # 46| # 47| # $TEST_SCRATCH_DIR is a custom scratch directory for each @test, Error: SHELLCHECK_WARNING (CWE-252): [#def70] /usr/share/buildah/test/system/helpers.bash:85:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails. # 83| # 84| function starthttpd() { # 85|-> pushd ${2:-${TEST_SCRATCH_DIR}} > /dev/null # 86| go build -o serve ${TEST_SOURCES}/serve/serve.go # 87| portfile=$(mktemp) Error: SHELLCHECK_WARNING (CWE-563): [#def71] /usr/share/buildah/test/system/helpers.bash:102:5: warning[SC2034]: HTTP_SERVER_PORT appears unused. Verify use (or export if used externally). # 100| fi # 101| done # 102|-> HTTP_SERVER_PORT=$(cat ${portfile}) # 103| rm -f ${portfile} # 104| popd > /dev/null Error: SHELLCHECK_WARNING (CWE-252): [#def72] /usr/share/buildah/test/system/helpers.bash:104:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails. # 102| HTTP_SERVER_PORT=$(cat ${portfile}) # 103| rm -f ${portfile} # 104|-> popd > /dev/null # 105| } # 106| Error: SHELLCHECK_WARNING (CWE-252): [#def73] /usr/share/buildah/test/system/helpers.bash:136:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails. # 134| rm -fr ${TEST_SCRATCH_DIR} # 135| # 136|-> popd # 137| } # 138| Error: SHELLCHECK_WARNING: [#def74] /usr/share/buildah/test/system/helpers.bash:160:25: warning[SC2076]: Remove quotes from right-hand side of =~ to match as a regex rather than literally. # 158| local storage= # 159| for img in "$@"; do # 160|-> if [[ "$img" =~ '[vfs@' ]] ; then # 161| storage="$img" # 162| continue Error: SHELLCHECK_WARNING (CWE-398): [#def75] /usr/share/buildah/test/system/helpers.bash:171:20: warning[SC2115]: Use "${var:?}" to ensure this never expands to / . # 169| copy dir:$_BUILDAH_IMAGE_CACHEDIR/$fname containers-storage:"$storage""$img" # 170| else # 171|-> rm -fr $_BUILDAH_IMAGE_CACHEDIR/$fname # 172| echo "# [copy docker://$img dir:$_BUILDAH_IMAGE_CACHEDIR/$fname]" >&2 # 173| for attempt in $(seq 3) ; do Error: SHELLCHECK_WARNING (CWE-563): [#def76] /usr/share/buildah/test/system/helpers.bash:173:13: warning[SC2034]: attempt appears unused. Verify use (or export if used externally). # 171| rm -fr $_BUILDAH_IMAGE_CACHEDIR/$fname # 172| echo "# [copy docker://$img dir:$_BUILDAH_IMAGE_CACHEDIR/$fname]" >&2 # 173|-> for attempt in $(seq 3) ; do # 174| if copy $COPY_REGISTRY_OPTS docker://"$img" dir:$_BUILDAH_IMAGE_CACHEDIR/$fname ; then # 175| break Error: SHELLCHECK_WARNING (CWE-670): [#def77] /usr/share/buildah/test/system/helpers.bash:294:62: warning[SC2128]: Expanding an array without an index only gives the first element. # 292| # stdout is only emitted upon error; this echo is to help a debugger # 293| echo "${_LOG_PROMPT} $BUILDAH_BINARY $*" # 294|-> run env CONTAINERS_CONF=${CONTAINERS_CONF:-$(dirname ${BASH_SOURCE})/containers.conf} timeout --foreground --kill=10 $BUILDAH_TIMEOUT ${BUILDAH_BINARY} ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} "$@" # 295| # without "quotes", multiple lines are glommed together into one # 296| if [ -n "$output" ]; then Error: SHELLCHECK_WARNING (CWE-457): [#def78] /usr/share/buildah/test/system/helpers.bash:299:15: warning[SC2154]: status is referenced but not assigned. # 297| echo "$output" # 298| fi # 299|-> if [ "$status" -ne 0 ]; then # 300| echo -n "[ rc=$status "; # 301| if [ -n "$expected_rc" ]; then Error: SHELLCHECK_WARNING (CWE-477): [#def79] /usr/share/buildah/test/system/helpers.bash:311:32: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined. # 309| fi # 310| # 311|-> if [ "$status" -eq 124 -o "$status" -eq 137 ]; then # 312| # FIXME: 'timeout -v' requires coreutils-8.29; travis seems to have # 313| # an older version. If/when travis updates, please add -v Error: SHELLCHECK_WARNING (CWE-571): [#def80] /usr/share/buildah/test/system/helpers.bash:456:15: warning[SC2155]: Declare and assign separately to avoid masking return values. # 454| local opt # 455| for opt; do # 456|-> local value=$(expr "$opt" : '[^=]*=\(.*\)') # 457| case "$opt" in # 458| --from=*) actual="$value"; shift;; Error: SHELLCHECK_WARNING (CWE-457): [#def81] /usr/share/buildah/test/system/helpers.bash:479:19: warning[SC2154]: lines is referenced but not assigned (did you mean 'line'?). # 477| local testname="${2:-${MOST_RECENT_BUILDAH_COMMAND:-[no test name given]}}" # 478| # 479|-> local actual="${#lines[@]}" # 480| if [ "$actual" -eq "$expect" ]; then # 481| return Error: SHELLCHECK_WARNING (CWE-571): [#def82] /usr/share/buildah/test/system/helpers.bash:588:11: warning[SC2155]: Declare and assign separately to avoid masking return values. # 586| ################## # 587| function is_cgroupsv2() { # 588|-> local cgroupfs_t=$(stat -f -c %T /sys/fs/cgroup) # 589| test "$cgroupfs_t" = "cgroup2fs" # 590| } Error: SHELLCHECK_WARNING (CWE-156): [#def83] /usr/share/buildah/test/system/helpers.bash:647:31: warning[SC2046]: Quote this to prevent word splitting. # 645| skip "unshare was not able to create a pid namespace" # 646| fi # 647|-> if ! unshare -U --map-users $(id -u),0,1 true ; then # 648| skip "unshare does not support --map-users" # 649| fi Error: SHELLCHECK_WARNING (CWE-156): [#def84] /usr/share/buildah/test/system/helpers.bash:671:10: warning[SC2046]: Quote this to prevent word splitting. # 669| function stop_git_daemon() { # 670| if test -s ${TEST_SCRATCH_DIR}/git-daemon/pid ; then # 671|-> kill $(cat ${TEST_SCRATCH_DIR}/git-daemon/pid) # 672| rm -f ${TEST_SCRATCH_DIR}/git-daemon/pid # 673| fi Error: SHELLCHECK_WARNING (CWE-156): [#def85] /usr/share/buildah/test/system/helpers.bash.t:6:3: warning[SC2046]: Quote this to prevent word splitting. # 4| # # 5| # 6|-> . $(dirname ${BASH_SOURCE})/helpers.bash # 7| # 8| INDEX=1 Error: SHELLCHECK_WARNING (CWE-670): [#def86] /usr/share/buildah/test/system/helpers.bash.t:6:13: warning[SC2128]: Expanding an array without an index only gives the first element. # 4| # # 5| # 6|-> . $(dirname ${BASH_SOURCE})/helpers.bash # 7| # 8| INDEX=1 Error: SHELLCHECK_WARNING (CWE-140): [#def87] /usr/share/buildah/test/system/inspect.bats:34:27: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. # 32| # including version. Strip it out, # 33| run_buildah --version # 34|-> local -a output_fields=($output) # 35| buildah_version=${output_fields[2]} # 36| inspect_cleaned=$(echo "$inspect_after_commit" | sed "s/io.buildah.version:${buildah_version}//g") Error: SHELLCHECK_WARNING (CWE-569): [#def88] /usr/share/buildah/test/system/lists.bats:255:36: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 253| @test "manifest-from-tag" { # 254| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST} # 255|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST} # 256| expect_output --substring $(go env GOARCH) # 257| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def89] /usr/share/buildah/test/system/lists.bats:255:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 253| @test "manifest-from-tag" { # 254| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST} # 255|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST} # 256| expect_output --substring $(go env GOARCH) # 257| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def90] /usr/share/buildah/test/system/lists.bats:255:57: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 253| @test "manifest-from-tag" { # 254| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST} # 255|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST} # 256| expect_output --substring $(go env GOARCH) # 257| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def91] /usr/share/buildah/test/system/lists.bats:255:58: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 253| @test "manifest-from-tag" { # 254| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST} # 255|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST} # 256| expect_output --substring $(go env GOARCH) # 257| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-398): [#def92] /usr/share/buildah/test/system/lists.bats:255:59: warning[SC1078]: Did you forget to close this single quoted string? # 253| @test "manifest-from-tag" { # 254| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST} # 255|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST} # 256| expect_output --substring $(go env GOARCH) # 257| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-156): [#def93] /usr/share/buildah/test/system/lists.bats:258:31: warning[SC2046]: Quote this to prevent word splitting. # 256| expect_output --substring $(go env GOARCH) # 257| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container # 258|-> expect_output --substring $(go env GOARCH) # 259| } # 260| Error: SHELLCHECK_WARNING (CWE-569): [#def94] /usr/share/buildah/test/system/lists.bats:263:36: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 261| @test "manifest-from-digest" { # 262| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST} # 263|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST} # 264| expect_output --substring $(go env GOARCH) # 265| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def95] /usr/share/buildah/test/system/lists.bats:263:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 261| @test "manifest-from-digest" { # 262| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST} # 263|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST} # 264| expect_output --substring $(go env GOARCH) # 265| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def96] /usr/share/buildah/test/system/lists.bats:263:57: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 261| @test "manifest-from-digest" { # 262| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST} # 263|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST} # 264| expect_output --substring $(go env GOARCH) # 265| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def97] /usr/share/buildah/test/system/lists.bats:263:58: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 261| @test "manifest-from-digest" { # 262| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST} # 263|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST} # 264| expect_output --substring $(go env GOARCH) # 265| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-398): [#def98] /usr/share/buildah/test/system/lists.bats:263:59: warning[SC1078]: Did you forget to close this single quoted string? # 261| @test "manifest-from-digest" { # 262| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_DIGEST} # 263|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_DIGEST} # 264| expect_output --substring $(go env GOARCH) # 265| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-156): [#def99] /usr/share/buildah/test/system/lists.bats:266:31: warning[SC2046]: Quote this to prevent word splitting. # 264| expect_output --substring $(go env GOARCH) # 265| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container # 266|-> expect_output --substring $(go env GOARCH) # 267| } # 268| Error: SHELLCHECK_WARNING (CWE-569): [#def100] /usr/share/buildah/test/system/lists.bats:271:36: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 269| @test "manifest-from-instance" { # 270| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE} # 271|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE} # 272| expect_output --substring arm64 # 273| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def101] /usr/share/buildah/test/system/lists.bats:271:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 269| @test "manifest-from-instance" { # 270| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE} # 271|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE} # 272| expect_output --substring arm64 # 273| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def102] /usr/share/buildah/test/system/lists.bats:271:57: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 269| @test "manifest-from-instance" { # 270| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE} # 271|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE} # 272| expect_output --substring arm64 # 273| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-569): [#def103] /usr/share/buildah/test/system/lists.bats:271:58: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 269| @test "manifest-from-instance" { # 270| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE} # 271|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE} # 272| expect_output --substring arm64 # 273| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-398): [#def104] /usr/share/buildah/test/system/lists.bats:271:59: warning[SC1078]: Did you forget to close this single quoted string? # 269| @test "manifest-from-instance" { # 270| run_buildah from $WITH_POLICY_JSON --name test-container ${IMAGE_LIST_INSTANCE} # 271|-> run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST_INSTANCE} # 272| expect_output --substring arm64 # 273| run_buildah inspect --format ''{{.OCIv1.Architecture}}' test-container Error: SHELLCHECK_WARNING (CWE-156): [#def105] /usr/share/buildah/test/system/lists.bats:296:40: warning[SC2046]: Quote this to prevent word splitting. # 294| run_buildah bud --layers --iidfile ${TEST_SCRATCH_DIR}/image-id.txt ${TEST_SCRATCH_DIR}/build # 295| # Make sure we can add the new image to the list. # 296|-> run_buildah manifest add test-list $(< ${TEST_SCRATCH_DIR}/image-id.txt) # 297| } # 298| Error: SHELLCHECK_WARNING (CWE-156): [#def106] /usr/share/buildah/test/system/mkcw.bats:93:20: warning[SC2046]: Quote this to prevent word splitting. # 91| ctrID="$output" # 92| run_buildah commit --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=SEV,ignore_attestation_errors,passphrase="mkcw commit" "$ctrID" # 93|-> mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid) # 94| run_buildah commit --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=sev,ignore_attestation_errors,passphrase="mkcw commit" "$ctrID" # 95| mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid) Error: SHELLCHECK_WARNING (CWE-156): [#def107] /usr/share/buildah/test/system/mkcw.bats:95:20: warning[SC2046]: Quote this to prevent word splitting. # 93| mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid) # 94| run_buildah commit --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=sev,ignore_attestation_errors,passphrase="mkcw commit" "$ctrID" # 95|-> mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid) # 96| } # 97| Error: SHELLCHECK_WARNING (CWE-156): [#def108] /usr/share/buildah/test/system/mkcw.bats:108:20: warning[SC2046]: Quote this to prevent word splitting. # 106| echo -n "mkcw build" > "$TEST_SCRATCH_DIR"/key # 107| run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=SEV,ignore_attestation_errors,passphrase="mkcw build" -f bud/env/Dockerfile.check-env bud/env # 108|-> mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid) # 109| # 110| run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=sev,ignore_attestation_errors,passphrase="mkcw build" -f bud/env/Dockerfile.check-env bud/env Error: SHELLCHECK_WARNING (CWE-156): [#def109] /usr/share/buildah/test/system/mkcw.bats:111:20: warning[SC2046]: Quote this to prevent word splitting. # 109| # 110| run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=sev,ignore_attestation_errors,passphrase="mkcw build" -f bud/env/Dockerfile.check-env bud/env # 111|-> mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid) # 112| # 113| # the key thing about this next bit is mixing --layers with a final Error: SHELLCHECK_WARNING (CWE-156): [#def110] /usr/share/buildah/test/system/mkcw.bats:117:20: warning[SC2046]: Quote this to prevent word splitting. # 115| echo -n "mkcw build --layers" > "$TEST_SCRATCH_DIR"/key # 116| run_buildah build --iidfile "$TEST_SCRATCH_DIR"/iid --cw type=SEV,ignore_attestation_errors,passphrase="mkcw build --layers" --layers -f bud/env/Dockerfile.check-env bud/env # 117|-> mkcw_check_image $(cat "$TEST_SCRATCH_DIR"/iid) # 118| } Error: SHELLCHECK_WARNING (CWE-571): [#def111] /usr/share/buildah/test/system/namespaces.bats:88:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 86| # 87| assert "$_output_idmap" != "" "Internal error: output_idmap is empty" # 88|-> local _idmap=$(sed -E -e 's, +, ,g' -e 's,^ +,,g' <<< "${_output_idmap}") # 89| expect_output --from="$_idmap" "${_expect_idmap}" "$_testname" # 90| Error: SHELLCHECK_WARNING (CWE-156): [#def112] /usr/share/buildah/test/system/namespaces.bats:135:17: warning[SC2046]: Quote this to prevent word splitting. # 133| # Look for a name that's in both the subuid and subgid files. # 134| for candidate in $(sed -e 's,:.*,,g' /etc/subuid); do # 135|-> if test $(sed -e 's,:.*,,g' -e "/$candidate/!d" /etc/subgid) == "$candidate"; then # 136| # Read the start of the subuid/subgid ranges. Assume length=65536. # 137| userbase=$(sed -e "/^${candidate}:/!d" -e 's,^[^:]*:,,g' -e 's,:[^:]*,,g' /etc/subuid) Error: SHELLCHECK_WARNING (CWE-88): [#def113] /usr/share/buildah/test/system/namespaces.bats:323:24: error[SC2068]: Double quote array expansions to avoid re-splitting elements. # 321| # "run" doesn't have --userns option. # 322| if [ "$nsflag" != "userns" ]; then # 323|-> for different in ${types[@]} ; do # 324| # Check that, if we override it, we get what we specify for "run". # 325| run_buildah run $RUNOPTS --"$nsflag"=$different "$ctr" readlink /proc/self/ns/"$nstype" Error: SHELLCHECK_WARNING (CWE-563): [#def114] /usr/share/buildah/test/system/rm.bats:40:3: warning[SC2034]: cid1 appears unused. Verify use (or export if used externally). # 38| _prefetch alpine busybox # 39| run_buildah from $WITH_POLICY_JSON scratch # 40|-> cid1=$output # 41| run_buildah from --quiet $WITH_POLICY_JSON alpine # 42| cid2=$output Error: SHELLCHECK_WARNING (CWE-563): [#def115] /usr/share/buildah/test/system/rmi.bats:62:3: warning[SC2034]: cid1 appears unused. Verify use (or export if used externally). # 60| _prefetch alpine busybox # 61| run_buildah from $WITH_POLICY_JSON scratch # 62|-> cid1=$output # 63| run_buildah from --quiet $WITH_POLICY_JSON alpine # 64| cid2=$output Error: SHELLCHECK_WARNING (CWE-563): [#def116] /usr/share/buildah/test/system/rmi.bats:64:3: warning[SC2034]: cid2 appears unused. Verify use (or export if used externally). # 62| cid1=$output # 63| run_buildah from --quiet $WITH_POLICY_JSON alpine # 64|-> cid2=$output # 65| run_buildah from --quiet $WITH_POLICY_JSON busybox # 66| cid3=$output Error: SHELLCHECK_WARNING (CWE-563): [#def117] /usr/share/buildah/test/system/rmi.bats:66:3: warning[SC2034]: cid3 appears unused. Verify use (or export if used externally). # 64| cid2=$output # 65| run_buildah from --quiet $WITH_POLICY_JSON busybox # 66|-> cid3=$output # 67| run_buildah 125 rmi --all # 68| run_buildah images -q Error: SHELLCHECK_WARNING (CWE-156): [#def118] /usr/share/buildah/test/system/run.bats:186:7: warning[SC2046]: Quote this to prevent word splitting. # 184| skip_if_no_runtime # 185| # 186|-> eval $(go env) # 187| echo CGO_ENABLED=${CGO_ENABLED} # 188| if test "$CGO_ENABLED" -ne 1; then Error: SHELLCHECK_WARNING (CWE-569): [#def119] /usr/share/buildah/test/system/run.bats:616:5: error[SC1035]: You need a space after the [ and before the ]. # 614| # 615| rootless=0 # 616|-> if ["$(id -u)" -ne 0 ]; then # 617| rootless=1 # 618| fi Error: SHELLCHECK_WARNING (CWE-571): [#def120] /usr/share/buildah/test/system/run.bats:665:8: warning[SC2155]: Declare and assign separately to avoid masking return values. # 663| _prefetch ubuntu # 664| # 665|-> local hostname=h-$(random_string) # 666| # 667| run_buildah from --quiet --pull=false $WITH_POLICY_JSON ubuntu Error: SHELLCHECK_WARNING (CWE-398): [#def121] /usr/share/buildah/test/system/run.bats:708:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). # 706| cid=$output # 707| run_buildah run --network=host --hostname $hostname $cid cat /etc/hosts # 708|-> assert "$output" =~ "$ip[[:blank:]]$hostname" # 709| hostOutput=$output # 710| m=$(buildah mount $cid) Error: SHELLCHECK_WARNING (CWE-398): [#def122] /usr/share/buildah/test/system/run.bats:718:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). # 716| # --isolation chroot implies host networking so check for the correct hosts entry # 717| run_buildah run --isolation chroot --hostname $hostname $cid cat /etc/hosts # 718|-> assert "$output" =~ "$ip[[:blank:]]$hostname" # 719| run_buildah rm -a # 720| Error: SHELLCHECK_WARNING (CWE-571): [#def123] /usr/share/buildah/test/system/run.bats:741:8: warning[SC2155]: Declare and assign separately to avoid masking return values. # 739| cid=$output # 740| # 741|-> local hostname=h-$(random_string) # 742| ip=$(hostname -I | cut -f 1 -d " ") # 743| run_buildah run --network pasta --hostname $hostname $cid cat /etc/hosts Error: SHELLCHECK_WARNING (CWE-398): [#def124] /usr/share/buildah/test/system/run.bats:744:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). # 742| ip=$(hostname -I | cut -f 1 -d " ") # 743| run_buildah run --network pasta --hostname $hostname $cid cat /etc/hosts # 744|-> assert "$output" =~ "$ip[[:blank:]]$hostname $cid" "--network pasta adds correct hostname" # 745| # 746| # check with containers.conf setting Error: SHELLCHECK_WARNING (CWE-398): [#def125] /usr/share/buildah/test/system/run.bats:749:23: error[SC1087]: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). # 747| echo -e "[network]\ndefault_rootless_network_cmd = \"pasta\"" > ${TEST_SCRATCH_DIR}/containers.conf # 748| CONTAINERS_CONF_OVERRIDE=${TEST_SCRATCH_DIR}/containers.conf run_buildah run --hostname $hostname $cid cat /etc/hosts # 749|-> assert "$output" =~ "$ip[[:blank:]]$hostname $cid" "default_rootless_network_cmd = \"pasta\" works" # 750| # 751| # resolv.conf checks Error: SHELLCHECK_WARNING (CWE-457): [#def126] /usr/share/buildah/test/system/run.bats:931:9: warning[SC2154]: test is referenced but not assigned (for output from commands, use "$(test ...)" ). # 929| skip_if_root_environment # 930| if test "$DBUS_SESSION_BUS_ADDRESS" = ""; then # 931|-> skip "$test does not work when DBUS_SESSION_BUS_ADDRESS is not defined" # 932| fi # 933| _prefetch alpine Error: SHELLCHECK_WARNING (CWE-277): [#def127] /usr/share/buildah/test/system/sign.bats:11:12: warning[SC2174]: When used with -p, -m only applies to the deepest directory. # 9| # 10| export GNUPGHOME=${TEST_SCRATCH_DIR}/.gnupg # 11|-> mkdir -p --mode=0700 $GNUPGHOME # 12| # 13| # gpg on f30 and above needs this, otherwise: Error: SHELLCHECK_WARNING (CWE-571): [#def128] /usr/share/buildah/test/system/sign.bats:53:3: error[SC2314]: In Bats, ! does not cause a test failure. Use 'run ! ' (on Bats >= 1.5.0) instead. # 51| run_buildah push $WITH_POLICY_JSON --remove-signatures signed-alpine-image dir:${TEST_SCRATCH_DIR}/unsigned-image # 52| ls -l ${TEST_SCRATCH_DIR}/unsigned-image/ # 53|-> ! test -s ${TEST_SCRATCH_DIR}/unsigned-image/signature-1 # 54| # 55| run_buildah commit $WITH_POLICY_JSON $cid unsigned-alpine-image Error: SHELLCHECK_WARNING (CWE-571): [#def129] /usr/share/buildah/test/system/sign.bats:69:3: error[SC2314]: In Bats, ! does not cause a test failure. Use 'run ! ' (on Bats >= 1.5.0) instead. # 67| run_buildah push $WITH_POLICY_JSON "$imageID" dir:${TEST_SCRATCH_DIR}/unsigned-image # 68| ls -l ${TEST_SCRATCH_DIR}/unsigned-image/ # 69|-> ! test -s ${TEST_SCRATCH_DIR}/unsigned-image/signature-1 # 70| # 71| # Build a manifest list and try to push the list with signatures. Error: SHELLCHECK_WARNING (CWE-563): [#def130] /usr/share/buildah/test/system/source.bats:42:3: warning[SC2034]: creatd appears unused. Verify use (or export if used externally). # 40| run jq -r .created $srcdir/blobs/sha256/$configDigest # 41| assert "$status" -eq 0 "status of jq .created on configDigest" # 42|-> creatd=$output # 43| run date --date="$output" # 44| assert "$status" -eq 0 "status of date (this should never ever fail)" Error: SHELLCHECK_WARNING (CWE-156): [#def131] /usr/share/buildah/test/system/test_buildah_authentication.sh:139:16: warning[SC2046]: Quote this to prevent word splitting. # 137| ######## # 138| buildah rm $ctrid # 139|-> buildah rmi -f $(buildah images -q) # 140| # 141| ######## Error: SHELLCHECK_WARNING (CWE-156): [#def132] /usr/share/buildah/test/system/test_buildah_authentication.sh:205:16: warning[SC2046]: Quote this to prevent word splitting. # 203| ######## # 204| buildah rm --all # 205|-> buildah rmi -f $(buildah images -q) # 206| # 207| ######## Error: SHELLCHECK_WARNING (CWE-156): [#def133] /usr/share/buildah/test/system/test_buildah_authentication.sh:235:14: warning[SC2046]: Quote this to prevent word splitting. # 233| rm -f ./Dockerfile # 234| rm -rf ${TESTDIR}/auth # 235|-> docker rm -f $(docker ps --all -q) # 236| docker rmi -f $(docker images -q) # 237| buildah rm $(buildah containers -q) Error: SHELLCHECK_WARNING (CWE-156): [#def134] /usr/share/buildah/test/system/test_buildah_authentication.sh:236:15: warning[SC2046]: Quote this to prevent word splitting. # 234| rm -rf ${TESTDIR}/auth # 235| docker rm -f $(docker ps --all -q) # 236|-> docker rmi -f $(docker images -q) # 237| buildah rm $(buildah containers -q) # 238| buildah rmi -f $(buildah images -q) Error: SHELLCHECK_WARNING (CWE-156): [#def135] /usr/share/buildah/test/system/test_buildah_authentication.sh:237:12: warning[SC2046]: Quote this to prevent word splitting. # 235| docker rm -f $(docker ps --all -q) # 236| docker rmi -f $(docker images -q) # 237|-> buildah rm $(buildah containers -q) # 238| buildah rmi -f $(buildah images -q) Error: SHELLCHECK_WARNING (CWE-156): [#def136] /usr/share/buildah/test/system/test_buildah_authentication.sh:238:16: warning[SC2046]: Quote this to prevent word splitting. # 236| docker rmi -f $(docker images -q) # 237| buildah rm $(buildah containers -q) # 238|-> buildah rmi -f $(buildah images -q) Error: SHELLCHECK_WARNING (CWE-252): [#def137] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:32:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails. # 30| # Clone buildah from GitHub.com # 31| ######## # 32|-> cd $SBOX # 33| git clone https://github.com/containers/buildah.git # 34| cd $GITROOT Error: SHELLCHECK_WARNING (CWE-252): [#def138] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:34:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails. # 32| cd $SBOX # 33| git clone https://github.com/containers/buildah.git # 34|-> cd $GITROOT # 35| # 36| ######## Error: SHELLCHECK_WARNING (CWE-156): [#def139] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:102:12: warning[SC2046]: Quote this to prevent word splitting. # 100| # Clean up Buildah # 101| ######## # 102|-> buildah rm $(buildah containers -q) # 103| buildah rmi -f $(buildah images -q) # 104| Error: SHELLCHECK_WARNING (CWE-156): [#def140] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:103:16: warning[SC2046]: Quote this to prevent word splitting. # 101| ######## # 102| buildah rm $(buildah containers -q) # 103|-> buildah rmi -f $(buildah images -q) # 104| # 105| ######## Error: SHELLCHECK_WARNING (CWE-156): [#def141] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:122:12: warning[SC2046]: Quote this to prevent word splitting. # 120| rm -rf ${SBOX} # 121| rm -rf ${PACKAGES} # 122|-> buildah rm $(buildah containers -q) # 123| buildah rmi -f $(buildah images -q) # 124| ${PACKAGER} remove -y buildah Error: SHELLCHECK_WARNING (CWE-156): [#def142] /usr/share/buildah/test/system/test_buildah_build_rpm.sh:123:16: warning[SC2046]: Quote this to prevent word splitting. # 121| rm -rf ${PACKAGES} # 122| buildah rm $(buildah containers -q) # 123|-> buildah rmi -f $(buildah images -q) # 124| ${PACKAGER} remove -y buildah Error: SHELLCHECK_WARNING (CWE-670): [#def143] /usr/share/buildah/test/system/test_runner.sh:4:31: warning[SC2128]: Expanding an array without an index only gives the first element. # 2| set -e # 3| # 4|-> cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" # 5| # 6| # Default to using /var/tmp for test space, since it's more likely to support Error: SHELLCHECK_WARNING (CWE-138): [#def144] /usr/share/buildah/test/system/test_runner.sh:14:15: error[SC2145]: Argument mixes string and array. Use * or separate argument. # 12| # 13| function execute() { # 14|-> >&2 echo "++ $@" # 15| eval "$@" # 16| } Error: SHELLCHECK_WARNING: [#def145] /usr/share/buildah/test/system/test_runner.sh:15:8: warning[SC2294]: eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string). # 13| function execute() { # 14| >&2 echo "++ $@" # 15|-> eval "$@" # 16| } # 17| Error: SHELLCHECK_WARNING (CWE-569): [#def146] /usr/share/buildah/test/system/test_runner.sh:19:7: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate. # 17| # 18| # Tests to run. Defaults to all. # 19|-> TESTS=${@:-.} # 20| # 21| # Run the tests. Error: SHELLCHECK_WARNING (CWE-829): [#def147] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/benchmark.sh:8:6: warning[SC2092]: Remove backticks to avoid executing output (or use eval if intentional). # 6| reference_git=${2:-.} # 7| # 8|-> if ! `hash benchstat 2>/dev/null`; then # 9| echo "Installing benchstat" # 10| go get golang.org/x/perf/cmd/benchstat Error: SHELLCHECK_WARNING (CWE-252): [#def148] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:78:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails. # 76| fi # 77| # 78|-> pushd "$dir" # 79| go test -covermode=atomic -coverpkg=./... -coverprofile=coverage.out.tmp ./... # 80| cat coverage.out.tmp | grep -v testsuite | grep -v tomltestgen | grep -v gotoml-test-decoder > coverage.out Error: SHELLCHECK_WARNING (CWE-252): [#def149] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:82:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails. # 80| cat coverage.out.tmp | grep -v testsuite | grep -v tomltestgen | grep -v gotoml-test-decoder > coverage.out # 81| go tool cover -func=coverage.out # 82|-> popd # 83| # 84| if [ "${branch}" != "HEAD" ]; then Error: SHELLCHECK_WARNING (CWE-252): [#def150] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:146:5: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails. # 144| fi # 145| # 146|-> pushd "$dir" # 147| # 148| if [ "${replace}" != "" ]; then Error: SHELLCHECK_WARNING (CWE-252): [#def151] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:155:5: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails. # 153| export GOMAXPROCS=2 # 154| nice -n -19 taskset --cpu-list 0,1 go test '-bench=^Benchmark(Un)?[mM]arshal' -count=5 -run=Nothing ./... | tee "${out}" # 155|-> popd # 156| # 157| if [ "${branch}" != "HEAD" ]; then Error: SHELLCHECK_WARNING (CWE-156): [#def152] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:272:23: warning[SC2046]: Quote this to prevent word splitting. # 270| esac # 271| # 272|-> bench "${1-HEAD}" `mktemp` # 273| } # 274| Error: SHELLCHECK_WARNING (CWE-88): [#def153] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:276:31: error[SC2068]: Double quote array expansions to avoid re-splitting elements. # 274| # 275| case "$1" in # 276|-> coverage) shift; coverage $@;; # 277| benchmark) shift; benchmark $@;; # 278| *) usage "bad argument $1";; Error: SHELLCHECK_WARNING (CWE-88): [#def154] /usr/share/buildah/test/system/tools/vendor/github.com/pelletier/go-toml/v2/ci.sh:277:33: error[SC2068]: Double quote array expansions to avoid re-splitting elements. # 275| case "$1" in # 276| coverage) shift; coverage $@;; # 277|-> benchmark) shift; benchmark $@;; # 278| *) usage "bad argument $1";; # 279| esac Error: SHELLCHECK_WARNING (CWE-569): [#def155] /usr/share/buildah/test/system/tools/vendor/github.com/securego/gosec/v2/entrypoint.sh:11:12: warning[SC2048]: Use "${array[@]}" (with quotes) to prevent whitespace problems. # 9| fi # 10| # 11|-> /bin/gosec ${ARGS[*]} Error: SHELLCHECK_WARNING (CWE-563): [#def156] /usr/share/buildah/test/system/tools/vendor/github.com/securego/gosec/v2/install.sh:340:1: warning[SC2034]: BINARY appears unused. Verify use (or export if used externally). # 338| OWNER=securego # 339| REPO="gosec" # 340|-> BINARY=gosec # 341| FORMAT=tar.gz # 342| OS=$(uname_os) Error: SHELLCHECK_WARNING (CWE-156): [#def157] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:53:47: warning[SC2046]: Quote this to prevent word splitting. # 51| # Files generated through docker (use $cmd so you can Ctl-C the build or run) # 52| $cmd docker build --tag generate:$GOOS $GOOS # 53|-> $cmd docker run --interactive --tty --volume $(cd -- "$(dirname -- "$0")/.." && /bin/pwd):/build generate:$GOOS # 54| exit # 55| fi Error: SHELLCHECK_WARNING (CWE-569): [#def158] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:59:1: warning[SC2221]: This pattern always overrides a later one on line 59. # 57| GOOSARCH_in=syscall_$GOOSARCH.go # 58| case "$GOOSARCH" in # 59|-> _* | *_ | _) # 60| echo 'undefined $GOOS_$GOARCH:' "$GOOSARCH" 1>&2 # 61| exit 1 Error: SHELLCHECK_WARNING (CWE-569): [#def159] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:59:6: warning[SC2221]: This pattern always overrides a later one on line 59. # 57| GOOSARCH_in=syscall_$GOOSARCH.go # 58| case "$GOOSARCH" in # 59|-> _* | *_ | _) # 60| echo 'undefined $GOOS_$GOARCH:' "$GOOSARCH" 1>&2 # 61| exit 1 Error: SHELLCHECK_WARNING (CWE-569): [#def160] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:59:11: warning[SC2222]: This pattern never matches because of a previous pattern on line 59. # 57| GOOSARCH_in=syscall_$GOOSARCH.go # 58| case "$GOOSARCH" in # 59|-> _* | *_ | _) # 60| echo 'undefined $GOOS_$GOARCH:' "$GOOSARCH" 1>&2 # 61| exit 1 Error: SHELLCHECK_WARNING (CWE-149): [#def161] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:234:125: warning[SC2027]: The surrounding quotes actually unquote this. Remove or escape them. # 232| if [ "$GOOSARCH" == "aix_ppc64" ]; then # 233| # aix/ppc64 script generates files instead of writing to stdin. # 234|-> echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in && gofmt -w zsyscall_$GOOSARCH.go && gofmt -w zsyscall_"$GOOSARCH"_gccgo.go && gofmt -w zsyscall_"$GOOSARCH"_gc.go " ; # 235| elif [ "$GOOS" == "illumos" ]; then # 236| # illumos code generation requires a --illumos switch Error: SHELLCHECK_WARNING (CWE-149): [#def162] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkall.sh:234:167: warning[SC2027]: The surrounding quotes actually unquote this. Remove or escape them. # 232| if [ "$GOOSARCH" == "aix_ppc64" ]; then # 233| # aix/ppc64 script generates files instead of writing to stdin. # 234|-> echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in && gofmt -w zsyscall_$GOOSARCH.go && gofmt -w zsyscall_"$GOOSARCH"_gccgo.go && gofmt -w zsyscall_"$GOOSARCH"_gc.go " ; # 235| elif [ "$GOOS" == "illumos" ]; then # 236| # illumos code generation requires a --illumos switch Error: SHELLCHECK_WARNING (CWE-563): [#def163] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:37:1: warning[SC2034]: uname appears unused. Verify use (or export if used externally). # 35| fi # 36| # 37|-> uname=$(uname) # 38| # 39| includes_AIX=' Error: SHELLCHECK_WARNING (CWE-563): [#def164] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:39:1: warning[SC2034]: includes_AIX appears unused. Verify use (or export if used externally). # 37| uname=$(uname) # 38| # 39|-> includes_AIX=' # 40| #include <net/if.h> # 41| #include <net/netopt.h> Error: SHELLCHECK_WARNING (CWE-563): [#def165] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:55:1: warning[SC2034]: includes_Darwin appears unused. Verify use (or export if used externally). # 53| ' # 54| # 55|-> includes_Darwin=' # 56| #define _DARWIN_C_SOURCE # 57| #define KERNEL 1 Error: SHELLCHECK_WARNING (CWE-563): [#def166] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:91:1: warning[SC2034]: includes_DragonFly appears unused. Verify use (or export if used externally). # 89| ' # 90| # 91|-> includes_DragonFly=' # 92| #include <sys/types.h> # 93| #include <sys/event.h> Error: SHELLCHECK_WARNING (CWE-563): [#def167] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:114:1: warning[SC2034]: includes_FreeBSD appears unused. Verify use (or export if used externally). # 112| ' # 113| # 114|-> includes_FreeBSD=' # 115| #include <sys/capsicum.h> # 116| #include <sys/param.h> Error: SHELLCHECK_WARNING (CWE-563): [#def168] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:151:1: warning[SC2034]: includes_Linux appears unused. Verify use (or export if used externally). # 149| ' # 150| # 151|-> includes_Linux=' # 152| #define _LARGEFILE_SOURCE # 153| #define _LARGEFILE64_SOURCE Error: SHELLCHECK_WARNING (CWE-563): [#def169] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:337:1: warning[SC2034]: includes_NetBSD appears unused. Verify use (or export if used externally). # 335| ' # 336| # 337|-> includes_NetBSD=' # 338| #include <sys/types.h> # 339| #include <sys/param.h> Error: SHELLCHECK_WARNING (CWE-563): [#def170] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:366:1: warning[SC2034]: includes_OpenBSD appears unused. Verify use (or export if used externally). # 364| ' # 365| # 366|-> includes_OpenBSD=' # 367| #include <sys/types.h> # 368| #include <sys/param.h> Error: SHELLCHECK_WARNING (CWE-563): [#def171] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:407:1: warning[SC2034]: includes_SunOS appears unused. Verify use (or export if used externally). # 405| ' # 406| # 407|-> includes_SunOS=' # 408| #include <limits.h> # 409| #include <sys/types.h> Error: SHELLCHECK_WARNING (CWE-569): [#def172] /usr/share/buildah/test/system/tools/vendor/golang.org/x/sys/unix/mkerrors.sh:448:9: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate. # 446| #include <time.h> # 447| ' # 448|-> ccflags="$@" # 449| # 450| # Write go tool cgo -godefs input. Error: SHELLCHECK_WARNING (CWE-571): [#def173] /usr/share/buildah/test/system/tutorial.bats:18:2: error[SC2314]: In Bats, ! does not cause a test failure. Use 'run ! ' (on Bats >= 1.5.0) instead. # 16| echo "build output:" # 17| echo "${output}" # 18|-> ! grep -q init.scope <<< "$buildoutput" # 19| run sed -e '0,/^CUT START/d' -e '/^CUT END/,//d' <<< "$buildoutput" # 20| # should've found a /sys/fs/cgroup with stuff in it Error: SHELLCHECK_WARNING (CWE-153): [#def174] /usr/share/buildah/test/system/validate/pr-should-include-tests.t:63:25: warning[SC2053]: Quote the right-hand side of != in [[ ]] to prevent glob matching. # 61| local actual_rc=$? # 62| # 63|-> if [[ $actual_rc != $expected_rc ]]; then # 64| echo "not ok $testnum $testname" # 65| echo "# expected rc $expected_rc" Error: SHELLCHECK_WARNING (CWE-571): [#def175] /usr/share/buildah/test/system/validate/pr-should-include-tests.t:120:12: warning[SC2155]: Declare and assign separately to avoid masking return values. # 118| export GITVALIDATE_EPOCH=$parent_sha # 119| export CIRRUS_CHANGE_IN_REPO=$commit_sha # 120|-> export CIRRUS_CHANGE_TITLE=$(git log -1 --format=%s $commit_sha) # 121| export CIRRUS_CHANGE_MESSAGE= # 122| export CIRRUS_PR=$pr Error: GCC_ANALYZER_WARNING (CWE-775): [#def176] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’ buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c:118:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(list, 0)’ # 116| new_size = used + BUFSTEP; # 117| new_buf = realloc(buf, new_size); # 118|-> if (new_buf == NULL) { # 119| free(buf); # 120| fprintf(stderr, "realloc(%ld): out of memory\n", (long)(size + BUFSTEP)); Error: GCC_ANALYZER_WARNING (CWE-775): [#def177] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c:125:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(list, 0)’ # 123| buf = new_buf; # 124| size = new_size; # 125|-> memset(buf + used, '\0', size - used); # 126| n = read(fd, buf + used, size - used - 1); # 127| if (n < 0) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def178] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘containers_reexec’ buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c:125:28: warning[-Wanalyzer-malloc-leak]: leak of ‘parse_proc_stringlist("/proc/self/cmdline")’ # 123| buf = new_buf; # 124| size = new_size; # 125|-> memset(buf + used, '\0', size - used); # 126| n = read(fd, buf + used, size - used - 1); # 127| if (n < 0) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def179] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’ # 126| n = read(fd, buf + used, size - used - 1); # 127| if (n < 0) { # 128|-> fprintf(stderr, "read(): %m\n"); # 129| return NULL; # 130| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def180] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘parse_proc_stringlist’ buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c:128:25: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’ # 126| n = read(fd, buf + used, size - used - 1); # 127| if (n < 0) { # 128|-> fprintf(stderr, "read(): %m\n"); # 129| return NULL; # 130| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def181] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c:154:16: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’ # 152| } # 153| } # 154|-> ret[i] = NULL; # 155| return ret; # 156| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def182] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c:154:16: warning[-Wanalyzer-malloc-leak]: leak of ‘new_buf’ # 152| } # 153| } # 154|-> ret[i] = NULL; # 155| return ret; # 156| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def183] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c: scope_hint: In function ‘containers_reexec’ buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c:291:12: warning[-Wanalyzer-malloc-leak]: leak of ‘parse_proc_stringlist("/proc/self/cmdline")’ buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/containers/storage/pkg/unshare/unshare.c:18: included_from: Included from here. # 289| return fd; # 290| # 291|-> if (fexecve(fd, argv, environ) == -1) { # 292| close(fd); # 293| fprintf(stderr, "Error during reexec(...): %m\n"); Error: COMPILER_WARNING (CWE-1164): [#def184] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/mattn/go-sqlite3/sqlite3.go:85:1: warning[-Wunused-function]: ‘_sqlite3_exec’ defined but not used # 85 | _sqlite3_exec(sqlite3* db, const char* pcmd, long long* rowid, long long* changes) # | ^~~~~~~~~~~~~ # 83| # 84| static int # 85|-> _sqlite3_exec(sqlite3* db, const char* pcmd, long long* rowid, long long* changes) # 86| { # 87| int rv = sqlite3_exec(db, pcmd, 0, 0, 0); Error: GCC_ANALYZER_WARNING (CWE-476): [#def185] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function 'New' buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'c' # 75| CK_C_GetFunctionList list; # 76| struct ctx *c = calloc(1, sizeof(struct ctx)); # 77|-> c->handle = dlopen(module, RTLD_LAZY); # 78| if (c->handle == NULL) { # 79| free(c); Error: GCC_ANALYZER_WARNING (CWE-476): [#def186] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘New’ buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/miekg/pkcs11/pkcs11.go:77:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘c’ # 75| CK_C_GetFunctionList list; # 76| struct ctx *c = calloc(1, sizeof(struct ctx)); # 77|-> c->handle = dlopen(module, RTLD_LAZY); # 78| if (c->handle == NULL) { # 79| free(c); Error: GCC_ANALYZER_WARNING (CWE-401): [#def187] buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/miekg/pkcs11/pkcs11.go: scope_hint: In function ‘GetAttributeValue.part.0’ buildah-1.37.5-build/buildah-1.37.5/vendor/github.com/miekg/pkcs11/pkcs11.go:316:32: warning[-Wanalyzer-malloc-leak]: leak of ‘*((CK_ATTRIBUTE *)temp).pValue’ # 314| continue; # 315| } # 316|-> temp[i].pValue = calloc(temp[i].ulValueLen, sizeof(CK_BYTE)); # 317| } # 318| return c->sym->C_GetAttributeValue(session, object, temp, templen);
| analyzer-version-clippy | 1.82.0 |
| analyzer-version-cppcheck | 2.16.0 |
| analyzer-version-gcc | 14.2.1 |
| analyzer-version-gcc-analyzer | 15.0.0 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-18.us-west-2.compute.internal |
| mock-config | fedora-rawhide-gcc-latest-x86_64 |
| project-name | buildah-1.37.5-1.fc42 |
| store-results-to | /tmp/tmpammkjx3j/buildah-1.37.5-1.fc42.tar.xz |
| time-created | 2024-11-12 23:32:44 |
| time-finished | 2024-11-12 23:45:08 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpammkjx3j/buildah-1.37.5-1.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpammkjx3j/buildah-1.37.5-1.fc42.src.rpm' |
| tool-version | csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9 |